Advanced Kubernetes Security: Learn By Hacking (3 days + 1 CTF day)

This comprehensive course, created by Hacking Kubernetes author and SANS instructor Andrew Martin, explores Kubernetes architecture, security, and delivery through offensive and defensive approaches.

From building applications into containers and appraising supply chain vulnerabilities, through runtime detection and monitoring, to evading the system’s defences and popping shells in Kubernetes, this course gives you the tools you need to understand how to attack and defend against present and future threat actors. Attendees will gain hands-on experience building, exploring, and securing real-world systems.

Course Outline

• Container exploitation by example
• Kubernetes attack surface
• Kubernetes deployment pipelines
• Source control signing and verification
• Container image vulnerability scanning
• Circumventing pipeline controls
• Image signing with Cosign and Notary
• Pipeline metadata collection and enforcement
• Supply-chain verification with in-toto and Tekton Chains
• Kubernetes & container security testing
• Secure GitOps deployments with Flux
• Users, identity, and RBAC
• Runtime security and intrusion detection
• Network policy and lockdown
• Service meshes and workload identity
• Advanced container isolation

Who Should Attend

This course is suitable for intermediate to advanced Kubernetes development, operations, and security teams, penetration testers, vulnerability assessors, and hands-on SOC analysts. Operational knowledge of Linux, Docker or Podman is a prerequisite and Kubernetes experience is essential. It is particularly beneficial for those operating Kubernetes in a high-compliance domain, and for established security professionals looking to update their skills for the cloud native world.

Learn More

To understand how we collaborate with your team, customise to your needs, or talk to one of our instructors, contact us.